Job Summary
The ideal candidate has a strong background in cybersecurity risk management, a deep understanding of industry best practices and frameworks, and a track record of collaborating across teams on complex projects.
* Develop audit programs and plans, determine the scope of audit coverage, and manage internal and external audit engagements.
* Oversee the audit process, make recommendations on policies, and ensure compliance obligations are met.
* Coordinate and/or perform audit work, review reports and management responses, and review workpapers for proper support.
* Identify factors causing deficient conditions and provide constructive, practical recommendations for audit findings.
* Support iterative review of assessment results and follow up on the implementation of corrective actions.
* Conduct compliance assessments and internal control testing of critical business processes and systems.
* Identify and manage the implementation of new compliance requirements introduced by changes to regulations and frameworks like ISO 27001, SOC 2, NIST 800-53, and GDPR.
* Contribute to the development of scalable models and tools to improve decision-making and accuracy.
* Assimilate risk and compliance assessment data into concise reports and dashboards for leadership.
Requirements
* A self-starter who can drive tasks to completion independently and learn new skills as program requirements evolve.
* Possesses strong business judgment, deep analytical thinking, and the ability to manage multiple responsibilities in a fast-paced environment.
* Strong verbal and written communication skills and a solution-oriented approach.
* Experience with cybersecurity frameworks and industry standards such as NIST 800-53, ISO 27001, and COSO.
* Experience performing IT audits and control testing.
* Experience using GRC tools and technologies to support the assessment and audit process.
* Expertise in security control design, development, implementation, and monitoring.
Qualifications
* Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience.
* CISA, CRISC, CISM, or CISSP certifications are preferred.